romanzolotarev.com: support and follow me on Mastodon and Twitter

Tested on OpenBSD 6.3

Generate random string with random(4)

The urandom device produces high quality pseudo-random output data.

"Never use /dev/random. On OpenBSD, it does the same as /dev/urandom, but on many other systems, it misbehaves. For example, it may block, directly return entropy instead of using a stream cipher, or only return data from hardware random generators."
random(4)

Limit character set

Keep characters you need and exclude everything else tr(1). For example, keep characters from 1 to 6.

$ tr -cd 1-6 < /dev/urandom
413523435426515641232416353563445663545251241323511443266325136454232651
163421554662651365144426161433312335
^C
$

Trim

fold(1) into twenty-character wide lines, then head(1) the first line:

$ tr -cd 1-6 < /dev/urandom |
> fold -w 20 |
> head -n 1
15521625233645245322
$

Another way to take first 20 characters, use dd(1):

$ tr -cd 1-6 < /dev/urandom |
> echo $(dd count=20 bs=1 status=none)
35611246252555226656
$

Adjust character set

Use any range of characters. For, example from the first printable char, space, to tilde.

$ tr -cd ' -~' < /dev/urandom |
> fold -w 20 | head -n 1
a(k#$(K ?I?d!^NM^(5x
$

Or all alphanumeric characters, comma, and dot.

$ tr -cd [:alnum:],. < /dev/urandom |
> fold -w 20 | head -n 1
3zgoNRosNuznXUxzENI.
$

Or just use jot(1)

Run jot(1) with the option -r to print random numbers.

$ jot -r 3
95
23
58
$

Set the range from 32 to 126 (ASCII codes of space and tilde), print a character represented by this number (-c), and separate characters with an empty string (-s '').

$ jot -rcs '' 20 32 126
L(k&C%M{E}7FFT9*H5tt
$

Or use openssl(1)

openssl(1) with rand command outputs pseudo-random bytes and with the -base64 option it encodes the output to its printable form.

$ openssl rand -base64 20
zM+i3ms6UGh8TkS4azknU+ncMIY=
$

"I'd be wary of using openssl(1)→Base64 unless you know that "=" can only come at the end because it's used as padding and so it's not adding anything extra to the password's entropy."
Tim Chase (@gumnos)

See also

diceware, pass


Thanks to David Dahlberg, Tim Chase, Bojan Nastic, horia, Ben Bai for the hints, and to Theo de Raadt for arc4random.